How the Beacon Medical Group manages your personal information?
Patient Information Privacy Notice
The Practice keeps information about you, your health, treatment and care. Health records are held on paper and electronically. We have a legal duty to keep accurate health records. Personal Information must be kept confidential and secure in line with Data Protection Legislation and Regulation.
What is personal information?
This is information that can identify you and includes: • your name, date of birth, address, phone numbers and email address • your hospital number and NHS number • information about your health, care, treatment and results of investigations
We may also ask for other information, e.g. whether you have a disability, your religion or beliefs, sexuality and race. It is important we have as complete a picture of you as possible to ensure that we are aware of and can plan to meet any particular care needs.
Data Protection Legislation and Regulation The practice must manage your personal information in line with the:
UK Data Protection Act 18 EU General Data Protection Regulation (GDPR)
We must be clear about the legal basis for processing your information and we record this.
Our staff members are trained to handle your information correctly and protect your privacy. We aim to maintain high standards and we regularly check and report on how we are doing. Where we , as a practice find that we fall below the acceptable standards we investigate and report serious incidents to the Information Commissioner’s Office (ICO).
How do we use your information for direct care?
For Beacon Staff to be involved in your treatment we need to have accurate and up to date information to assess your health and provide you with care. As a GP Practice, we have been authorised by the government to provide healthcare and as such must keep accurate records for this care. Under GDPR our legal basis for holding this information is Article 6(1) (e) and 9(2) (h).
You may receive care from staff from other care organisations (such as Devon Doctors, Livewell South West and University Hospital Plymouth NHS Trust) and it will be necessary for us to share relevant information with them to insure that your care is optimised. This will include other health care, social care and educational organisations. Your identifiable information will only be shared for direct care purposes.
What we do not use your information for.
Your health information is never collected for direct marketing and is not sold on to third parties. We do not use your information to make automated decisions with no human intervention.
How long do we keep your health record for?
This personal information forms part of your health record (a lifelong record) and needs to be kept to enable General Practice to provide a high standard of care to you. Information is held for specified periods of time as set out in the Records Management Code of Practice for Health and Social Care 2016 – NHS Digital
How do I know information about me will be kept in a confidential way?
Your personal information is valuable, so you should treat it just as you would any valuable item.
We ensure the security of your information held on our computer systems and areas where paper records are held are robust to prevent unauthorised access.
What are your information rights?
You have a number of rights under the Data Protection Legislation:
- To be informed why, where and how we use your information
- To ask for access to your information through your Medical Records
- To ask for your information to be corrected if it is inaccurate or incomplete
- To ask for your information to be deleted or removed where there is no need for us to continue processing it
- To ask us to restrict the use of your information in certain circumstances
- In limited circumstances to ask us to copy or transfer your information from one IT system to another
- To object to how your information is used
- To challenge decisions made without human intervention (automated decision making)
Other uses of your information
Sometimes we need to pass on your information by law, for example:
- To notify a birth
- When an infectious disease is encountered that may endanger the safety of others (such as meningitis or measles (but not HIV/AIDS)
- Where a formal court order has been issued
- For Prevention and Detection of Crime
- Where Female Genital Mutilation is diagnosed.
How does your information help us to improve services? We may use your information to help look after the health of the general public and to make sure that our services can meet future patient needs.
- Your information may also be used to help us to:
- Review the care we provide to ensure it is of the highest standard
- Teach and train healthcare professionals
- Audit NHS accounts and services
- Investigate complaints, legal claims or untoward incidents
National Data Opt-out Programme
NHS Digital is developing a new system to support the national data opt-out which will give patients more control over how identifiable health and care information is used. The system will offer patients and the public the opportunity to make an informed choice about whether they wish their personally identifiable data to be used just for their individual care and treatment or also used for research and planning purposes. To find out more: NHS Digital national data opt out
Contact for Data Protection Questions or Concerns
If you have any questions or concerns about how we manage your Information then please contact our Data Protection Officer.
Data Protection Officer Beacon Medical Group,
Plympton Health Centre,
The UK regulator for Data Protection Legislation can be contacted as follows:
Information Commissioner’s Office (ICO) Information Commissioner’s Office Wycliffe House Water Lane Wilmslow SK9 5AF